//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension PcaConnectorAd {
    // MARK: Enums

    public enum AccessRight: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case allow = "ALLOW"
        case deny = "DENY"
        public var description: String { return self.rawValue }
    }

    public enum ApplicationPolicyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case allApplicationPolicies = "ALL_APPLICATION_POLICIES"
        case anyPurpose = "ANY_PURPOSE"
        case attestationIdentityKeyCertificate = "ATTESTATION_IDENTITY_KEY_CERTIFICATE"
        case certificateRequestAgent = "CERTIFICATE_REQUEST_AGENT"
        case clientAuthentication = "CLIENT_AUTHENTICATION"
        case codeSigning = "CODE_SIGNING"
        case ctlUsage = "CTL_USAGE"
        case digitalRights = "DIGITAL_RIGHTS"
        case directoryServiceEmailReplication = "DIRECTORY_SERVICE_EMAIL_REPLICATION"
        case disallowedList = "DISALLOWED_LIST"
        case dnsServerTrust = "DNS_SERVER_TRUST"
        case documentEncryption = "DOCUMENT_ENCRYPTION"
        case documentSigning = "DOCUMENT_SIGNING"
        case dynamicCodeGenerator = "DYNAMIC_CODE_GENERATOR"
        case earlyLaunchAntimalwareDriver = "EARLY_LAUNCH_ANTIMALWARE_DRIVER"
        case embeddedWindowsSystemComponentVerification = "EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"
        case enclave = "ENCLAVE"
        case encryptingFileSystem = "ENCRYPTING_FILE_SYSTEM"
        case endorsementKeyCertificate = "ENDORSEMENT_KEY_CERTIFICATE"
        case fileRecovery = "FILE_RECOVERY"
        case halExtension = "HAL_EXTENSION"
        case ipSecurityEndSystem = "IP_SECURITY_END_SYSTEM"
        case ipSecurityIkeIntermediate = "IP_SECURITY_IKE_INTERMEDIATE"
        case ipSecurityTunnelTermination = "IP_SECURITY_TUNNEL_TERMINATION"
        case ipSecurityUser = "IP_SECURITY_USER"
        case isolatedUserMode = "ISOLATED_USER_MODE"
        case kdcAuthentication = "KDC_AUTHENTICATION"
        case kernelModeCodeSigning = "KERNEL_MODE_CODE_SIGNING"
        case keyPackLicenses = "KEY_PACK_LICENSES"
        case keyRecovery = "KEY_RECOVERY"
        case keyRecoveryAgent = "KEY_RECOVERY_AGENT"
        case licenseServerVerification = "LICENSE_SERVER_VERIFICATION"
        case lifetimeSigning = "LIFETIME_SIGNING"
        case microsoftPublisher = "MICROSOFT_PUBLISHER"
        case microsoftTimeStamping = "MICROSOFT_TIME_STAMPING"
        case microsoftTrustListSigning = "MICROSOFT_TRUST_LIST_SIGNING"
        case ocspSigning = "OCSP_SIGNING"
        case oemWindowsSystemComponentVerification = "OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"
        case platformCertificate = "PLATFORM_CERTIFICATE"
        case previewBuildSigning = "PREVIEW_BUILD_SIGNING"
        case privateKeyArchival = "PRIVATE_KEY_ARCHIVAL"
        case protectedProcessLightVerification = "PROTECTED_PROCESS_LIGHT_VERIFICATION"
        case protectedProcessVerification = "PROTECTED_PROCESS_VERIFICATION"
        case qualifiedSubordination = "QUALIFIED_SUBORDINATION"
        case revokedListSigner = "REVOKED_LIST_SIGNER"
        case rootListSigner = "ROOT_LIST_SIGNER"
        case rootProgramAutoUpdateCaRevocation = "ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"
        case rootProgramAutoUpdateEndRevocation = "ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"
        case rootProgramNoOscpFailoverToCrl = "ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"
        case secureEmail = "SECURE_EMAIL"
        case serverAuthentication = "SERVER_AUTHENTICATION"
        case smartCardLogin = "SMART_CARD_LOGIN"
        case spcEncryptedDigestRetryCount = "SPC_ENCRYPTED_DIGEST_RETRY_COUNT"
        case spcRelaxedPeMarkerCheck = "SPC_RELAXED_PE_MARKER_CHECK"
        case timeStamping = "TIME_STAMPING"
        case windowsHardwareDriverAttestedVerification = "WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"
        case windowsHardwareDriverExtendedVerification = "WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"
        case windowsHardwareDriverVerification = "WINDOWS_HARDWARE_DRIVER_VERIFICATION"
        case windowsHelloRecoveryKeyEncryption = "WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"
        case windowsKitsComponent = "WINDOWS_KITS_COMPONENT"
        case windowsRtVerification = "WINDOWS_RT_VERIFICATION"
        case windowsSoftwareExtensionVerification = "WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"
        case windowsStore = "WINDOWS_STORE"
        case windowsSystemComponentVerification = "WINDOWS_SYSTEM_COMPONENT_VERIFICATION"
        case windowsTcbComponent = "WINDOWS_TCB_COMPONENT"
        case windowsThirdPartyApplicationComponent = "WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"
        case windowsUpdate = "WINDOWS_UPDATE"
        public var description: String { return self.rawValue }
    }

    public enum ClientCompatibilityV2: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case windowsServer2003 = "WINDOWS_SERVER_2003"
        case windowsServer2008 = "WINDOWS_SERVER_2008"
        case windowsServer2008R2 = "WINDOWS_SERVER_2008_R2"
        case windowsServer2012 = "WINDOWS_SERVER_2012"
        case windowsServer2012R2 = "WINDOWS_SERVER_2012_R2"
        case windowsServer2016 = "WINDOWS_SERVER_2016"
        public var description: String { return self.rawValue }
    }

    public enum ClientCompatibilityV3: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case windowsServer2008 = "WINDOWS_SERVER_2008"
        case windowsServer2008R2 = "WINDOWS_SERVER_2008_R2"
        case windowsServer2012 = "WINDOWS_SERVER_2012"
        case windowsServer2012R2 = "WINDOWS_SERVER_2012_R2"
        case windowsServer2016 = "WINDOWS_SERVER_2016"
        public var description: String { return self.rawValue }
    }

    public enum ClientCompatibilityV4: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case windowsServer2012 = "WINDOWS_SERVER_2012"
        case windowsServer2012R2 = "WINDOWS_SERVER_2012_R2"
        case windowsServer2016 = "WINDOWS_SERVER_2016"
        public var description: String { return self.rawValue }
    }

    public enum ConnectorStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case creating = "CREATING"
        case deleting = "DELETING"
        case failed = "FAILED"
        public var description: String { return self.rawValue }
    }

    public enum ConnectorStatusReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case caCertificateRegistrationFailed = "CA_CERTIFICATE_REGISTRATION_FAILED"
        case directoryAccessDenied = "DIRECTORY_ACCESS_DENIED"
        case insufficientFreeAddresses = "INSUFFICIENT_FREE_ADDRESSES"
        case internalFailure = "INTERNAL_FAILURE"
        case invalidSubnetIpProtocol = "INVALID_SUBNET_IP_PROTOCOL"
        case privatecaAccessDenied = "PRIVATECA_ACCESS_DENIED"
        case privatecaResourceNotFound = "PRIVATECA_RESOURCE_NOT_FOUND"
        case securityGroupNotInVpc = "SECURITY_GROUP_NOT_IN_VPC"
        case vpcAccessDenied = "VPC_ACCESS_DENIED"
        case vpcEndpointLimitExceeded = "VPC_ENDPOINT_LIMIT_EXCEEDED"
        case vpcResourceNotFound = "VPC_RESOURCE_NOT_FOUND"
        public var description: String { return self.rawValue }
    }

    public enum DirectoryRegistrationStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case creating = "CREATING"
        case deleting = "DELETING"
        case failed = "FAILED"
        public var description: String { return self.rawValue }
    }

    public enum DirectoryRegistrationStatusReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case directoryAccessDenied = "DIRECTORY_ACCESS_DENIED"
        case directoryNotActive = "DIRECTORY_NOT_ACTIVE"
        case directoryNotReachable = "DIRECTORY_NOT_REACHABLE"
        case directoryResourceNotFound = "DIRECTORY_RESOURCE_NOT_FOUND"
        case directoryTypeNotSupported = "DIRECTORY_TYPE_NOT_SUPPORTED"
        case internalFailure = "INTERNAL_FAILURE"
        public var description: String { return self.rawValue }
    }

    public enum HashAlgorithm: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case sha256 = "SHA256"
        case sha384 = "SHA384"
        case sha512 = "SHA512"
        public var description: String { return self.rawValue }
    }

    public enum IpAddressType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case dualstack = "DUALSTACK"
        case ipv4 = "IPV4"
        public var description: String { return self.rawValue }
    }

    public enum KeySpec: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case keyExchange = "KEY_EXCHANGE"
        case signature = "SIGNATURE"
        public var description: String { return self.rawValue }
    }

    public enum KeyUsagePropertyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case all = "ALL"
        public var description: String { return self.rawValue }
    }

    public enum PrivateKeyAlgorithm: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case ecdhP256 = "ECDH_P256"
        case ecdhP384 = "ECDH_P384"
        case ecdhP521 = "ECDH_P521"
        case rsa = "RSA"
        public var description: String { return self.rawValue }
    }

    public enum ServicePrincipalNameStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case creating = "CREATING"
        case deleting = "DELETING"
        case failed = "FAILED"
        public var description: String { return self.rawValue }
    }

    public enum ServicePrincipalNameStatusReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case directoryAccessDenied = "DIRECTORY_ACCESS_DENIED"
        case directoryNotReachable = "DIRECTORY_NOT_REACHABLE"
        case directoryResourceNotFound = "DIRECTORY_RESOURCE_NOT_FOUND"
        case internalFailure = "INTERNAL_FAILURE"
        case spnExistsOnDifferentAdObject = "SPN_EXISTS_ON_DIFFERENT_AD_OBJECT"
        case spnLimitExceeded = "SPN_LIMIT_EXCEEDED"
        public var description: String { return self.rawValue }
    }

    public enum TemplateStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case deleting = "DELETING"
        public var description: String { return self.rawValue }
    }

    public enum ValidationExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case fieldValidationFailed = "FIELD_VALIDATION_FAILED"
        case invalidCaSubject = "INVALID_CA_SUBJECT"
        case invalidPermission = "INVALID_PERMISSION"
        case invalidState = "INVALID_STATE"
        case mismatchedConnector = "MISMATCHED_CONNECTOR"
        case mismatchedVpc = "MISMATCHED_VPC"
        case noClientToken = "NO_CLIENT_TOKEN"
        case other = "OTHER"
        case unknownOperation = "UNKNOWN_OPERATION"
        public var description: String { return self.rawValue }
    }

    public enum ValidityPeriodType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case days = "DAYS"
        case hours = "HOURS"
        case months = "MONTHS"
        case weeks = "WEEKS"
        case years = "YEARS"
        public var description: String { return self.rawValue }
    }

    public enum ApplicationPolicy: AWSEncodableShape & AWSDecodableShape, Sendable {
        /// The object identifier (OID) of an application policy.
        case policyObjectIdentifier(String)
        /// The type of application policy
        case policyType(ApplicationPolicyType)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .policyObjectIdentifier:
                let value = try container.decode(String.self, forKey: .policyObjectIdentifier)
                self = .policyObjectIdentifier(value)
            case .policyType:
                let value = try container.decode(ApplicationPolicyType.self, forKey: .policyType)
                self = .policyType(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .policyObjectIdentifier(let value):
                try container.encode(value, forKey: .policyObjectIdentifier)
            case .policyType(let value):
                try container.encode(value, forKey: .policyType)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .policyObjectIdentifier(let value):
                try self.validate(value, name: "policyObjectIdentifier", parent: name, max: 64)
                try self.validate(value, name: "policyObjectIdentifier", parent: name, min: 1)
                try self.validate(value, name: "policyObjectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))(\\.([0-9]+)){0,126}$")
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case policyObjectIdentifier = "PolicyObjectIdentifier"
            case policyType = "PolicyType"
        }
    }

    public enum KeyUsageProperty: AWSEncodableShape & AWSDecodableShape, Sendable {
        /// You can specify key usage for encryption, key agreement, and signature. You can use property flags or property type but not both.
        case propertyFlags(KeyUsagePropertyFlags)
        /// You can specify all key usages using property type ALL. You can use property type or property flags but not both.
        case propertyType(KeyUsagePropertyType)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .propertyFlags:
                let value = try container.decode(KeyUsagePropertyFlags.self, forKey: .propertyFlags)
                self = .propertyFlags(value)
            case .propertyType:
                let value = try container.decode(KeyUsagePropertyType.self, forKey: .propertyType)
                self = .propertyType(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .propertyFlags(let value):
                try container.encode(value, forKey: .propertyFlags)
            case .propertyType(let value):
                try container.encode(value, forKey: .propertyType)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case propertyFlags = "PropertyFlags"
            case propertyType = "PropertyType"
        }
    }

    public enum TemplateDefinition: AWSEncodableShape & AWSDecodableShape, Sendable {
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        case templateV2(TemplateV2)
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        case templateV3(TemplateV3)
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        case templateV4(TemplateV4)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .templateV2:
                let value = try container.decode(TemplateV2.self, forKey: .templateV2)
                self = .templateV2(value)
            case .templateV3:
                let value = try container.decode(TemplateV3.self, forKey: .templateV3)
                self = .templateV3(value)
            case .templateV4:
                let value = try container.decode(TemplateV4.self, forKey: .templateV4)
                self = .templateV4(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .templateV2(let value):
                try container.encode(value, forKey: .templateV2)
            case .templateV3(let value):
                try container.encode(value, forKey: .templateV3)
            case .templateV4(let value):
                try container.encode(value, forKey: .templateV4)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .templateV2(let value):
                try value.validate(name: "\(name).templateV2")
            case .templateV3(let value):
                try value.validate(name: "\(name).templateV3")
            case .templateV4(let value):
                try value.validate(name: "\(name).templateV4")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case templateV2 = "TemplateV2"
            case templateV3 = "TemplateV3"
            case templateV4 = "TemplateV4"
        }
    }

    // MARK: Shapes

    public struct AccessControlEntry: AWSDecodableShape {
        /// Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.
        public let accessRights: AccessRights?
        /// The date and time that the Access Control Entry was created.
        public let createdAt: Date?
        /// Name of the Active Directory group. This name does not need to match the group name in Active Directory.
        public let groupDisplayName: String?
        /// Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
        public let groupSecurityIdentifier: String?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String?
        /// The date and time that the Access Control Entry was updated.
        public let updatedAt: Date?

        @inlinable
        public init(accessRights: AccessRights? = nil, createdAt: Date? = nil, groupDisplayName: String? = nil, groupSecurityIdentifier: String? = nil, templateArn: String? = nil, updatedAt: Date? = nil) {
            self.accessRights = accessRights
            self.createdAt = createdAt
            self.groupDisplayName = groupDisplayName
            self.groupSecurityIdentifier = groupSecurityIdentifier
            self.templateArn = templateArn
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accessRights = "AccessRights"
            case createdAt = "CreatedAt"
            case groupDisplayName = "GroupDisplayName"
            case groupSecurityIdentifier = "GroupSecurityIdentifier"
            case templateArn = "TemplateArn"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct AccessControlEntrySummary: AWSDecodableShape {
        /// Allow or deny an Active Directory group from enrolling and autoenrolling certificates issued against a template.
        public let accessRights: AccessRights?
        /// The date and time that the Access Control Entry was created.
        public let createdAt: Date?
        /// Name of the Active Directory group. This name does not need to match the group name in Active Directory.
        public let groupDisplayName: String?
        /// Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
        public let groupSecurityIdentifier: String?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String?
        /// The date and time that the Access Control Entry was updated.
        public let updatedAt: Date?

        @inlinable
        public init(accessRights: AccessRights? = nil, createdAt: Date? = nil, groupDisplayName: String? = nil, groupSecurityIdentifier: String? = nil, templateArn: String? = nil, updatedAt: Date? = nil) {
            self.accessRights = accessRights
            self.createdAt = createdAt
            self.groupDisplayName = groupDisplayName
            self.groupSecurityIdentifier = groupSecurityIdentifier
            self.templateArn = templateArn
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accessRights = "AccessRights"
            case createdAt = "CreatedAt"
            case groupDisplayName = "GroupDisplayName"
            case groupSecurityIdentifier = "GroupSecurityIdentifier"
            case templateArn = "TemplateArn"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct AccessRights: AWSEncodableShape & AWSDecodableShape {
        /// Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment
        public let autoEnroll: AccessRight?
        /// Allow or deny an Active Directory group from enrolling certificates issued against a template.
        public let enroll: AccessRight?

        @inlinable
        public init(autoEnroll: AccessRight? = nil, enroll: AccessRight? = nil) {
            self.autoEnroll = autoEnroll
            self.enroll = enroll
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnroll = "AutoEnroll"
            case enroll = "Enroll"
        }
    }

    public struct ApplicationPolicies: AWSEncodableShape & AWSDecodableShape {
        /// Marks the application policy extension as critical.
        public let critical: Bool?
        /// Application policies describe what the certificate can be used for.
        public let policies: [ApplicationPolicy]

        @inlinable
        public init(critical: Bool? = nil, policies: [ApplicationPolicy]) {
            self.critical = critical
            self.policies = policies
        }

        public func validate(name: String) throws {
            try self.policies.forEach {
                try $0.validate(name: "\(name).policies[]")
            }
            try self.validate(self.policies, name: "policies", parent: name, max: 100)
            try self.validate(self.policies, name: "policies", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case critical = "Critical"
            case policies = "Policies"
        }
    }

    public struct CertificateValidity: AWSEncodableShape & AWSDecodableShape {
        /// Renewal period is the period of time before certificate expiration when a new certificate will be requested.
        public let renewalPeriod: ValidityPeriod
        /// Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
        public let validityPeriod: ValidityPeriod

        @inlinable
        public init(renewalPeriod: ValidityPeriod, validityPeriod: ValidityPeriod) {
            self.renewalPeriod = renewalPeriod
            self.validityPeriod = validityPeriod
        }

        private enum CodingKeys: String, CodingKey {
            case renewalPeriod = "RenewalPeriod"
            case validityPeriod = "ValidityPeriod"
        }
    }

    public struct ConflictException: AWSErrorShape {
        public let message: String
        /// The identifier of the Amazon Web Services resource.
        public let resourceId: String
        /// The resource type, which can be one of Connector, Template, TemplateGroupAccessControlEntry, ServicePrincipalName, or DirectoryRegistration.
        public let resourceType: String

        @inlinable
        public init(message: String, resourceId: String, resourceType: String) {
            self.message = message
            self.resourceId = resourceId
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case resourceId = "ResourceId"
            case resourceType = "ResourceType"
        }
    }

    public struct Connector: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let arn: String?
        /// The Amazon Resource Name (ARN) of the certificate authority being used.
        public let certificateAuthorityArn: String?
        /// Certificate enrollment endpoint for Active Directory domain-joined objects reach out to when requesting certificates.
        public let certificateEnrollmentPolicyServerEndpoint: String?
        /// The date and time that the connector was created.
        public let createdAt: Date?
        /// The identifier of the Active Directory.
        public let directoryId: String?
        /// Status of the connector. Status can be creating, active, deleting, or failed.
        public let status: ConnectorStatus?
        /// Additional information about the connector status if the status is failed.
        public let statusReason: ConnectorStatusReason?
        /// The date and time that the connector was updated.
        public let updatedAt: Date?
        /// Information of the VPC and security group(s) used with the connector.
        public let vpcInformation: VpcInformation?

        @inlinable
        public init(arn: String? = nil, certificateAuthorityArn: String? = nil, certificateEnrollmentPolicyServerEndpoint: String? = nil, createdAt: Date? = nil, directoryId: String? = nil, status: ConnectorStatus? = nil, statusReason: ConnectorStatusReason? = nil, updatedAt: Date? = nil, vpcInformation: VpcInformation? = nil) {
            self.arn = arn
            self.certificateAuthorityArn = certificateAuthorityArn
            self.certificateEnrollmentPolicyServerEndpoint = certificateEnrollmentPolicyServerEndpoint
            self.createdAt = createdAt
            self.directoryId = directoryId
            self.status = status
            self.statusReason = statusReason
            self.updatedAt = updatedAt
            self.vpcInformation = vpcInformation
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case certificateEnrollmentPolicyServerEndpoint = "CertificateEnrollmentPolicyServerEndpoint"
            case createdAt = "CreatedAt"
            case directoryId = "DirectoryId"
            case status = "Status"
            case statusReason = "StatusReason"
            case updatedAt = "UpdatedAt"
            case vpcInformation = "VpcInformation"
        }
    }

    public struct ConnectorSummary: AWSDecodableShape {
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let arn: String?
        /// The Amazon Resource Name (ARN) of the certificate authority being used.
        public let certificateAuthorityArn: String?
        /// Certificate enrollment endpoint for Active Directory domain-joined objects to request certificates.
        public let certificateEnrollmentPolicyServerEndpoint: String?
        /// The date and time that the connector was created.
        public let createdAt: Date?
        /// The identifier of the Active Directory.
        public let directoryId: String?
        /// Status of the connector. Status can be creating, active, deleting, or failed.
        public let status: ConnectorStatus?
        /// Additional information about the connector status if the status is failed.
        public let statusReason: ConnectorStatusReason?
        /// The date and time that the connector was updated.
        public let updatedAt: Date?
        /// Information of the VPC and security group(s) used with the connector.
        public let vpcInformation: VpcInformation?

        @inlinable
        public init(arn: String? = nil, certificateAuthorityArn: String? = nil, certificateEnrollmentPolicyServerEndpoint: String? = nil, createdAt: Date? = nil, directoryId: String? = nil, status: ConnectorStatus? = nil, statusReason: ConnectorStatusReason? = nil, updatedAt: Date? = nil, vpcInformation: VpcInformation? = nil) {
            self.arn = arn
            self.certificateAuthorityArn = certificateAuthorityArn
            self.certificateEnrollmentPolicyServerEndpoint = certificateEnrollmentPolicyServerEndpoint
            self.createdAt = createdAt
            self.directoryId = directoryId
            self.status = status
            self.statusReason = statusReason
            self.updatedAt = updatedAt
            self.vpcInformation = vpcInformation
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case certificateEnrollmentPolicyServerEndpoint = "CertificateEnrollmentPolicyServerEndpoint"
            case createdAt = "CreatedAt"
            case directoryId = "DirectoryId"
            case status = "Status"
            case statusReason = "StatusReason"
            case updatedAt = "UpdatedAt"
            case vpcInformation = "VpcInformation"
        }
    }

    public struct CreateConnectorRequest: AWSEncodableShape {
        ///  The Amazon Resource Name (ARN) of the certificate authority being used.
        public let certificateAuthorityArn: String
        /// Idempotency token.
        public let clientToken: String?
        /// The identifier of the Active Directory.
        public let directoryId: String
        /// Metadata assigned to a connector consisting of a key-value pair.
        public let tags: [String: String]?
        /// Information about your VPC and security groups used with the connector.
        public let vpcInformation: VpcInformation

        @inlinable
        public init(certificateAuthorityArn: String, clientToken: String? = CreateConnectorRequest.idempotencyToken(), directoryId: String, tags: [String: String]? = nil, vpcInformation: VpcInformation) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.clientToken = clientToken
            self.directoryId = directoryId
            self.tags = tags
            self.vpcInformation = vpcInformation
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w-]+:acm-pca:[\\w-]+:[0-9]+:certificate-authority\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[!-~]+$")
            try self.validate(self.directoryId, name: "directoryId", parent: name, pattern: "^d-[0-9a-f]{10}$")
            try self.vpcInformation.validate(name: "\(name).vpcInformation")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case clientToken = "ClientToken"
            case directoryId = "DirectoryId"
            case tags = "Tags"
            case vpcInformation = "VpcInformation"
        }
    }

    public struct CreateConnectorResponse: AWSDecodableShape {
        /// If successful, the Amazon Resource Name (ARN) of the connector for Active Directory.
        public let connectorArn: String?

        @inlinable
        public init(connectorArn: String? = nil) {
            self.connectorArn = connectorArn
        }

        private enum CodingKeys: String, CodingKey {
            case connectorArn = "ConnectorArn"
        }
    }

    public struct CreateDirectoryRegistrationRequest: AWSEncodableShape {
        /// Idempotency token.
        public let clientToken: String?
        ///  The identifier of the Active Directory.
        public let directoryId: String
        /// Metadata assigned to a directory registration consisting of a key-value pair.
        public let tags: [String: String]?

        @inlinable
        public init(clientToken: String? = CreateDirectoryRegistrationRequest.idempotencyToken(), directoryId: String, tags: [String: String]? = nil) {
            self.clientToken = clientToken
            self.directoryId = directoryId
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[!-~]+$")
            try self.validate(self.directoryId, name: "directoryId", parent: name, pattern: "^d-[0-9a-f]{10}$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "ClientToken"
            case directoryId = "DirectoryId"
            case tags = "Tags"
        }
    }

    public struct CreateDirectoryRegistrationResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String?

        @inlinable
        public init(directoryRegistrationArn: String? = nil) {
            self.directoryRegistrationArn = directoryRegistrationArn
        }

        private enum CodingKeys: String, CodingKey {
            case directoryRegistrationArn = "DirectoryRegistrationArn"
        }
    }

    public struct CreateServicePrincipalNameRequest: AWSEncodableShape {
        /// Idempotency token.
        public let clientToken: String?
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String

        @inlinable
        public init(clientToken: String? = CreateServicePrincipalNameRequest.idempotencyToken(), connectorArn: String, directoryRegistrationArn: String) {
            self.clientToken = clientToken
            self.connectorArn = connectorArn
            self.directoryRegistrationArn = directoryRegistrationArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.clientToken, forKey: .clientToken)
            request.encodePath(self.connectorArn, key: "ConnectorArn")
            request.encodePath(self.directoryRegistrationArn, key: "DirectoryRegistrationArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[!-~]+$")
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, max: 200)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, min: 5)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:directory-registration\\/d-[0-9a-f]{10}$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "ClientToken"
        }
    }

    public struct CreateTemplateGroupAccessControlEntryRequest: AWSEncodableShape {
        ///  Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
        public let accessRights: AccessRights
        /// Idempotency token.
        public let clientToken: String?
        /// Name of the Active Directory group. This name does not need to match the group name in Active Directory.
        public let groupDisplayName: String
        /// Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
        public let groupSecurityIdentifier: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(accessRights: AccessRights, clientToken: String? = CreateTemplateGroupAccessControlEntryRequest.idempotencyToken(), groupDisplayName: String, groupSecurityIdentifier: String, templateArn: String) {
            self.accessRights = accessRights
            self.clientToken = clientToken
            self.groupDisplayName = groupDisplayName
            self.groupSecurityIdentifier = groupSecurityIdentifier
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encode(self.accessRights, forKey: .accessRights)
            try container.encodeIfPresent(self.clientToken, forKey: .clientToken)
            try container.encode(self.groupDisplayName, forKey: .groupDisplayName)
            try container.encode(self.groupSecurityIdentifier, forKey: .groupSecurityIdentifier)
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[!-~]+$")
            try self.validate(self.groupDisplayName, name: "groupDisplayName", parent: name, max: 256)
            try self.validate(self.groupDisplayName, name: "groupDisplayName", parent: name, pattern: "^[\\x20-\\x7E]+$")
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, max: 256)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, min: 7)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, pattern: "^S-[0-9]-([0-9]+-){1,14}[0-9]+$")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessRights = "AccessRights"
            case clientToken = "ClientToken"
            case groupDisplayName = "GroupDisplayName"
            case groupSecurityIdentifier = "GroupSecurityIdentifier"
        }
    }

    public struct CreateTemplateRequest: AWSEncodableShape {
        /// Idempotency token.
        public let clientToken: String?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        public let definition: TemplateDefinition
        /// Name of the template. The template name must be unique.
        public let name: String
        /// Metadata assigned to a template consisting of a key-value pair.
        public let tags: [String: String]?

        @inlinable
        public init(clientToken: String? = CreateTemplateRequest.idempotencyToken(), connectorArn: String, definition: TemplateDefinition, name: String, tags: [String: String]? = nil) {
            self.clientToken = clientToken
            self.connectorArn = connectorArn
            self.definition = definition
            self.name = name
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[!-~]+$")
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
            try self.definition.validate(name: "\(name).definition")
            try self.validate(self.name, name: "name", parent: name, max: 64)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^(?!^\\s+$)((?![\\x5c'\\x2b,;<=>#\\x22])([\\x20-\\x7E]))+$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "ClientToken"
            case connectorArn = "ConnectorArn"
            case definition = "Definition"
            case name = "Name"
            case tags = "Tags"
        }
    }

    public struct CreateTemplateResponse: AWSDecodableShape {
        /// If successful, the Amazon Resource Name (ARN) of the template.
        public let templateArn: String?

        @inlinable
        public init(templateArn: String? = nil) {
            self.templateArn = templateArn
        }

        private enum CodingKeys: String, CodingKey {
            case templateArn = "TemplateArn"
        }
    }

    public struct DeleteConnectorRequest: AWSEncodableShape {
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String

        @inlinable
        public init(connectorArn: String) {
            self.connectorArn = connectorArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.connectorArn, key: "ConnectorArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteDirectoryRegistrationRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String

        @inlinable
        public init(directoryRegistrationArn: String) {
            self.directoryRegistrationArn = directoryRegistrationArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.directoryRegistrationArn, key: "DirectoryRegistrationArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, max: 200)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, min: 5)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:directory-registration\\/d-[0-9a-f]{10}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteServicePrincipalNameRequest: AWSEncodableShape {
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String

        @inlinable
        public init(connectorArn: String, directoryRegistrationArn: String) {
            self.connectorArn = connectorArn
            self.directoryRegistrationArn = directoryRegistrationArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.connectorArn, key: "ConnectorArn")
            request.encodePath(self.directoryRegistrationArn, key: "DirectoryRegistrationArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, max: 200)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, min: 5)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:directory-registration\\/d-[0-9a-f]{10}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteTemplateGroupAccessControlEntryRequest: AWSEncodableShape {
        /// Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
        public let groupSecurityIdentifier: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(groupSecurityIdentifier: String, templateArn: String) {
            self.groupSecurityIdentifier = groupSecurityIdentifier
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.groupSecurityIdentifier, key: "GroupSecurityIdentifier")
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, max: 256)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, min: 7)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, pattern: "^S-[0-9]-([0-9]+-){1,14}[0-9]+$")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteTemplateRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(templateArn: String) {
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DirectoryRegistration: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let arn: String?
        /// The date and time that the directory registration was created.
        public let createdAt: Date?
        /// The identifier of the Active Directory.
        public let directoryId: String?
        /// Status of the directory registration.
        public let status: DirectoryRegistrationStatus?
        /// Additional information about the directory registration status if the status is failed.
        public let statusReason: DirectoryRegistrationStatusReason?
        /// The date and time that the directory registration was updated.
        public let updatedAt: Date?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, directoryId: String? = nil, status: DirectoryRegistrationStatus? = nil, statusReason: DirectoryRegistrationStatusReason? = nil, updatedAt: Date? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.directoryId = directoryId
            self.status = status
            self.statusReason = statusReason
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case createdAt = "CreatedAt"
            case directoryId = "DirectoryId"
            case status = "Status"
            case statusReason = "StatusReason"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct DirectoryRegistrationSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let arn: String?
        /// The date and time that the directory registration was created.
        public let createdAt: Date?
        /// The identifier of the Active Directory.
        public let directoryId: String?
        /// Status of the directory registration.
        public let status: DirectoryRegistrationStatus?
        /// Additional information about the directory registration status if the status is failed.
        public let statusReason: DirectoryRegistrationStatusReason?
        /// The date and time that the directory registration was updated.
        public let updatedAt: Date?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, directoryId: String? = nil, status: DirectoryRegistrationStatus? = nil, statusReason: DirectoryRegistrationStatusReason? = nil, updatedAt: Date? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.directoryId = directoryId
            self.status = status
            self.statusReason = statusReason
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case createdAt = "CreatedAt"
            case directoryId = "DirectoryId"
            case status = "Status"
            case statusReason = "StatusReason"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct EnrollmentFlagsV2: AWSEncodableShape & AWSDecodableShape {
        /// Allow renewal using the same key.
        public let enableKeyReuseOnNtTokenKeysetStorageFull: Bool?
        /// Include symmetric algorithms allowed by the subject.
        public let includeSymmetricAlgorithms: Bool?
        /// This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
        public let noSecurityExtension: Bool?
        /// Delete expired or revoked certificates instead of archiving them.
        public let removeInvalidCertificateFromPersonalStore: Bool?
        /// Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
        public let userInteractionRequired: Bool?

        @inlinable
        public init(enableKeyReuseOnNtTokenKeysetStorageFull: Bool? = nil, includeSymmetricAlgorithms: Bool? = nil, noSecurityExtension: Bool? = nil, removeInvalidCertificateFromPersonalStore: Bool? = nil, userInteractionRequired: Bool? = nil) {
            self.enableKeyReuseOnNtTokenKeysetStorageFull = enableKeyReuseOnNtTokenKeysetStorageFull
            self.includeSymmetricAlgorithms = includeSymmetricAlgorithms
            self.noSecurityExtension = noSecurityExtension
            self.removeInvalidCertificateFromPersonalStore = removeInvalidCertificateFromPersonalStore
            self.userInteractionRequired = userInteractionRequired
        }

        private enum CodingKeys: String, CodingKey {
            case enableKeyReuseOnNtTokenKeysetStorageFull = "EnableKeyReuseOnNtTokenKeysetStorageFull"
            case includeSymmetricAlgorithms = "IncludeSymmetricAlgorithms"
            case noSecurityExtension = "NoSecurityExtension"
            case removeInvalidCertificateFromPersonalStore = "RemoveInvalidCertificateFromPersonalStore"
            case userInteractionRequired = "UserInteractionRequired"
        }
    }

    public struct EnrollmentFlagsV3: AWSEncodableShape & AWSDecodableShape {
        /// Allow renewal using the same key.
        public let enableKeyReuseOnNtTokenKeysetStorageFull: Bool?
        /// Include symmetric algorithms allowed by the subject.
        public let includeSymmetricAlgorithms: Bool?
        /// This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
        public let noSecurityExtension: Bool?
        /// Delete expired or revoked certificates instead of archiving them.
        public let removeInvalidCertificateFromPersonalStore: Bool?
        /// Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
        public let userInteractionRequired: Bool?

        @inlinable
        public init(enableKeyReuseOnNtTokenKeysetStorageFull: Bool? = nil, includeSymmetricAlgorithms: Bool? = nil, noSecurityExtension: Bool? = nil, removeInvalidCertificateFromPersonalStore: Bool? = nil, userInteractionRequired: Bool? = nil) {
            self.enableKeyReuseOnNtTokenKeysetStorageFull = enableKeyReuseOnNtTokenKeysetStorageFull
            self.includeSymmetricAlgorithms = includeSymmetricAlgorithms
            self.noSecurityExtension = noSecurityExtension
            self.removeInvalidCertificateFromPersonalStore = removeInvalidCertificateFromPersonalStore
            self.userInteractionRequired = userInteractionRequired
        }

        private enum CodingKeys: String, CodingKey {
            case enableKeyReuseOnNtTokenKeysetStorageFull = "EnableKeyReuseOnNtTokenKeysetStorageFull"
            case includeSymmetricAlgorithms = "IncludeSymmetricAlgorithms"
            case noSecurityExtension = "NoSecurityExtension"
            case removeInvalidCertificateFromPersonalStore = "RemoveInvalidCertificateFromPersonalStore"
            case userInteractionRequired = "UserInteractionRequired"
        }
    }

    public struct EnrollmentFlagsV4: AWSEncodableShape & AWSDecodableShape {
        /// Allow renewal using the same key.
        public let enableKeyReuseOnNtTokenKeysetStorageFull: Bool?
        /// Include symmetric algorithms allowed by the subject.
        public let includeSymmetricAlgorithms: Bool?
        /// This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
        public let noSecurityExtension: Bool?
        /// Delete expired or revoked certificates instead of archiving them.
        public let removeInvalidCertificateFromPersonalStore: Bool?
        /// Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
        public let userInteractionRequired: Bool?

        @inlinable
        public init(enableKeyReuseOnNtTokenKeysetStorageFull: Bool? = nil, includeSymmetricAlgorithms: Bool? = nil, noSecurityExtension: Bool? = nil, removeInvalidCertificateFromPersonalStore: Bool? = nil, userInteractionRequired: Bool? = nil) {
            self.enableKeyReuseOnNtTokenKeysetStorageFull = enableKeyReuseOnNtTokenKeysetStorageFull
            self.includeSymmetricAlgorithms = includeSymmetricAlgorithms
            self.noSecurityExtension = noSecurityExtension
            self.removeInvalidCertificateFromPersonalStore = removeInvalidCertificateFromPersonalStore
            self.userInteractionRequired = userInteractionRequired
        }

        private enum CodingKeys: String, CodingKey {
            case enableKeyReuseOnNtTokenKeysetStorageFull = "EnableKeyReuseOnNtTokenKeysetStorageFull"
            case includeSymmetricAlgorithms = "IncludeSymmetricAlgorithms"
            case noSecurityExtension = "NoSecurityExtension"
            case removeInvalidCertificateFromPersonalStore = "RemoveInvalidCertificateFromPersonalStore"
            case userInteractionRequired = "UserInteractionRequired"
        }
    }

    public struct ExtensionsV2: AWSEncodableShape & AWSDecodableShape {
        /// Application policies specify what the certificate is used for and its purpose.
        public let applicationPolicies: ApplicationPolicies?
        /// The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
        public let keyUsage: KeyUsage

        @inlinable
        public init(applicationPolicies: ApplicationPolicies? = nil, keyUsage: KeyUsage) {
            self.applicationPolicies = applicationPolicies
            self.keyUsage = keyUsage
        }

        public func validate(name: String) throws {
            try self.applicationPolicies?.validate(name: "\(name).applicationPolicies")
        }

        private enum CodingKeys: String, CodingKey {
            case applicationPolicies = "ApplicationPolicies"
            case keyUsage = "KeyUsage"
        }
    }

    public struct ExtensionsV3: AWSEncodableShape & AWSDecodableShape {
        /// Application policies specify what the certificate is used for and its purpose.
        public let applicationPolicies: ApplicationPolicies?
        /// The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
        public let keyUsage: KeyUsage

        @inlinable
        public init(applicationPolicies: ApplicationPolicies? = nil, keyUsage: KeyUsage) {
            self.applicationPolicies = applicationPolicies
            self.keyUsage = keyUsage
        }

        public func validate(name: String) throws {
            try self.applicationPolicies?.validate(name: "\(name).applicationPolicies")
        }

        private enum CodingKeys: String, CodingKey {
            case applicationPolicies = "ApplicationPolicies"
            case keyUsage = "KeyUsage"
        }
    }

    public struct ExtensionsV4: AWSEncodableShape & AWSDecodableShape {
        /// Application policies specify what the certificate is used for and its purpose.
        public let applicationPolicies: ApplicationPolicies?
        /// The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.
        public let keyUsage: KeyUsage

        @inlinable
        public init(applicationPolicies: ApplicationPolicies? = nil, keyUsage: KeyUsage) {
            self.applicationPolicies = applicationPolicies
            self.keyUsage = keyUsage
        }

        public func validate(name: String) throws {
            try self.applicationPolicies?.validate(name: "\(name).applicationPolicies")
        }

        private enum CodingKeys: String, CodingKey {
            case applicationPolicies = "ApplicationPolicies"
            case keyUsage = "KeyUsage"
        }
    }

    public struct GeneralFlagsV2: AWSEncodableShape & AWSDecodableShape {
        /// Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
        public let autoEnrollment: Bool?
        /// Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
        public let machineType: Bool?

        @inlinable
        public init(autoEnrollment: Bool? = nil, machineType: Bool? = nil) {
            self.autoEnrollment = autoEnrollment
            self.machineType = machineType
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnrollment = "AutoEnrollment"
            case machineType = "MachineType"
        }
    }

    public struct GeneralFlagsV3: AWSEncodableShape & AWSDecodableShape {
        /// Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
        public let autoEnrollment: Bool?
        /// Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users
        public let machineType: Bool?

        @inlinable
        public init(autoEnrollment: Bool? = nil, machineType: Bool? = nil) {
            self.autoEnrollment = autoEnrollment
            self.machineType = machineType
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnrollment = "AutoEnrollment"
            case machineType = "MachineType"
        }
    }

    public struct GeneralFlagsV4: AWSEncodableShape & AWSDecodableShape {
        /// Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
        public let autoEnrollment: Bool?
        /// Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users
        public let machineType: Bool?

        @inlinable
        public init(autoEnrollment: Bool? = nil, machineType: Bool? = nil) {
            self.autoEnrollment = autoEnrollment
            self.machineType = machineType
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnrollment = "AutoEnrollment"
            case machineType = "MachineType"
        }
    }

    public struct GetConnectorRequest: AWSEncodableShape {
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String

        @inlinable
        public init(connectorArn: String) {
            self.connectorArn = connectorArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.connectorArn, key: "ConnectorArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetConnectorResponse: AWSDecodableShape {
        /// A structure that contains information about your connector.
        public let connector: Connector?

        @inlinable
        public init(connector: Connector? = nil) {
            self.connector = connector
        }

        private enum CodingKeys: String, CodingKey {
            case connector = "Connector"
        }
    }

    public struct GetDirectoryRegistrationRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String

        @inlinable
        public init(directoryRegistrationArn: String) {
            self.directoryRegistrationArn = directoryRegistrationArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.directoryRegistrationArn, key: "DirectoryRegistrationArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, max: 200)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, min: 5)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:directory-registration\\/d-[0-9a-f]{10}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetDirectoryRegistrationResponse: AWSDecodableShape {
        /// The directory registration represents the authorization of the connector service with a directory.
        public let directoryRegistration: DirectoryRegistration?

        @inlinable
        public init(directoryRegistration: DirectoryRegistration? = nil) {
            self.directoryRegistration = directoryRegistration
        }

        private enum CodingKeys: String, CodingKey {
            case directoryRegistration = "DirectoryRegistration"
        }
    }

    public struct GetServicePrincipalNameRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String

        @inlinable
        public init(connectorArn: String, directoryRegistrationArn: String) {
            self.connectorArn = connectorArn
            self.directoryRegistrationArn = directoryRegistrationArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.connectorArn, key: "ConnectorArn")
            request.encodePath(self.directoryRegistrationArn, key: "DirectoryRegistrationArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, max: 200)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, min: 5)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:directory-registration\\/d-[0-9a-f]{10}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetServicePrincipalNameResponse: AWSDecodableShape {
        /// The service principal name that the connector uses to authenticate with Active Directory.
        public let servicePrincipalName: ServicePrincipalName?

        @inlinable
        public init(servicePrincipalName: ServicePrincipalName? = nil) {
            self.servicePrincipalName = servicePrincipalName
        }

        private enum CodingKeys: String, CodingKey {
            case servicePrincipalName = "ServicePrincipalName"
        }
    }

    public struct GetTemplateGroupAccessControlEntryRequest: AWSEncodableShape {
        /// Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
        public let groupSecurityIdentifier: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(groupSecurityIdentifier: String, templateArn: String) {
            self.groupSecurityIdentifier = groupSecurityIdentifier
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.groupSecurityIdentifier, key: "GroupSecurityIdentifier")
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, max: 256)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, min: 7)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, pattern: "^S-[0-9]-([0-9]+-){1,14}[0-9]+$")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetTemplateGroupAccessControlEntryResponse: AWSDecodableShape {
        /// An access control entry allows or denies an Active Directory group from enrolling and/or autoenrolling with a template.
        public let accessControlEntry: AccessControlEntry?

        @inlinable
        public init(accessControlEntry: AccessControlEntry? = nil) {
            self.accessControlEntry = accessControlEntry
        }

        private enum CodingKeys: String, CodingKey {
            case accessControlEntry = "AccessControlEntry"
        }
    }

    public struct GetTemplateRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(templateArn: String) {
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetTemplateResponse: AWSDecodableShape {
        /// A certificate template that the connector uses to issue certificates from a private CA.
        public let template: Template?

        @inlinable
        public init(template: Template? = nil) {
            self.template = template
        }

        private enum CodingKeys: String, CodingKey {
            case template = "Template"
        }
    }

    public struct KeyUsage: AWSEncodableShape & AWSDecodableShape {
        /// Sets the key usage extension to critical.
        public let critical: Bool?
        /// The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
        public let usageFlags: KeyUsageFlags

        @inlinable
        public init(critical: Bool? = nil, usageFlags: KeyUsageFlags) {
            self.critical = critical
            self.usageFlags = usageFlags
        }

        private enum CodingKeys: String, CodingKey {
            case critical = "Critical"
            case usageFlags = "UsageFlags"
        }
    }

    public struct KeyUsageFlags: AWSEncodableShape & AWSDecodableShape {
        /// DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
        public let dataEncipherment: Bool?
        /// The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
        public let digitalSignature: Bool?
        /// KeyAgreement is asserted when the subject public key is used for key agreement.
        public let keyAgreement: Bool?
        /// KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
        public let keyEncipherment: Bool?
        /// NonRepudiation is asserted when the subject public key is used to verify digital signatures.
        public let nonRepudiation: Bool?

        @inlinable
        public init(dataEncipherment: Bool? = nil, digitalSignature: Bool? = nil, keyAgreement: Bool? = nil, keyEncipherment: Bool? = nil, nonRepudiation: Bool? = nil) {
            self.dataEncipherment = dataEncipherment
            self.digitalSignature = digitalSignature
            self.keyAgreement = keyAgreement
            self.keyEncipherment = keyEncipherment
            self.nonRepudiation = nonRepudiation
        }

        private enum CodingKeys: String, CodingKey {
            case dataEncipherment = "DataEncipherment"
            case digitalSignature = "DigitalSignature"
            case keyAgreement = "KeyAgreement"
            case keyEncipherment = "KeyEncipherment"
            case nonRepudiation = "NonRepudiation"
        }
    }

    public struct KeyUsagePropertyFlags: AWSEncodableShape & AWSDecodableShape {
        /// Allows key for encryption and decryption.
        public let decrypt: Bool?
        /// Allows key exchange without encryption.
        public let keyAgreement: Bool?
        /// Allow key use for digital signature.
        public let sign: Bool?

        @inlinable
        public init(decrypt: Bool? = nil, keyAgreement: Bool? = nil, sign: Bool? = nil) {
            self.decrypt = decrypt
            self.keyAgreement = keyAgreement
            self.sign = sign
        }

        private enum CodingKeys: String, CodingKey {
            case decrypt = "Decrypt"
            case keyAgreement = "KeyAgreement"
            case sign = "Sign"
        }
    }

    public struct ListConnectorsRequest: AWSEncodableShape {
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "MaxResults")
            request.encodeQuery(self.nextToken, key: "NextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 1000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListConnectorsResponse: AWSDecodableShape {
        /// Summary information about each connector you have created.
        public let connectors: [ConnectorSummary]?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(connectors: [ConnectorSummary]? = nil, nextToken: String? = nil) {
            self.connectors = connectors
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case connectors = "Connectors"
            case nextToken = "NextToken"
        }
    }

    public struct ListDirectoryRegistrationsRequest: AWSEncodableShape {
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "MaxResults")
            request.encodeQuery(self.nextToken, key: "NextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 1000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListDirectoryRegistrationsResponse: AWSDecodableShape {
        /// Summary information about each directory registration you have created.
        public let directoryRegistrations: [DirectoryRegistrationSummary]?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(directoryRegistrations: [DirectoryRegistrationSummary]? = nil, nextToken: String? = nil) {
            self.directoryRegistrations = directoryRegistrations
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case directoryRegistrations = "DirectoryRegistrations"
            case nextToken = "NextToken"
        }
    }

    public struct ListServicePrincipalNamesRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(directoryRegistrationArn: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.directoryRegistrationArn = directoryRegistrationArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.directoryRegistrationArn, key: "DirectoryRegistrationArn")
            request.encodeQuery(self.maxResults, key: "MaxResults")
            request.encodeQuery(self.nextToken, key: "NextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, max: 200)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, min: 5)
            try self.validate(self.directoryRegistrationArn, name: "directoryRegistrationArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:directory-registration\\/d-[0-9a-f]{10}$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 1000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListServicePrincipalNamesResponse: AWSDecodableShape {
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?
        /// The service principal name, if any, that the connector uses to authenticate with Active Directory.
        public let servicePrincipalNames: [ServicePrincipalNameSummary]?

        @inlinable
        public init(nextToken: String? = nil, servicePrincipalNames: [ServicePrincipalNameSummary]? = nil) {
            self.nextToken = nextToken
            self.servicePrincipalNames = servicePrincipalNames
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case servicePrincipalNames = "ServicePrincipalNames"
        }
    }

    public struct ListTagsForResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you created the resource.
        public let resourceArn: String

        @inlinable
        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "ResourceArn")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListTagsForResourceResponse: AWSDecodableShape {
        /// The tags, if any, that are associated with your resource.
        public let tags: [String: String]?

        @inlinable
        public init(tags: [String: String]? = nil) {
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "Tags"
        }
    }

    public struct ListTemplateGroupAccessControlEntriesRequest: AWSEncodableShape {
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, templateArn: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "MaxResults")
            request.encodeQuery(self.nextToken, key: "NextToken")
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 1000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?$")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListTemplateGroupAccessControlEntriesResponse: AWSDecodableShape {
        /// An access control entry grants or denies permission to an Active Directory group to enroll certificates for a template.
        public let accessControlEntries: [AccessControlEntrySummary]?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(accessControlEntries: [AccessControlEntrySummary]? = nil, nextToken: String? = nil) {
            self.accessControlEntries = accessControlEntries
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case accessControlEntries = "AccessControlEntries"
            case nextToken = "NextToken"
        }
    }

    public struct ListTemplatesRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?

        @inlinable
        public init(connectorArn: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.connectorArn = connectorArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.connectorArn, key: "ConnectorArn")
            request.encodeQuery(self.maxResults, key: "MaxResults")
            request.encodeQuery(self.nextToken, key: "NextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, max: 200)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, min: 5)
            try self.validate(self.connectorArn, name: "connectorArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 1000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListTemplatesResponse: AWSDecodableShape {
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?
        /// Custom configuration templates used when issuing a certificate.
        public let templates: [TemplateSummary]?

        @inlinable
        public init(nextToken: String? = nil, templates: [TemplateSummary]? = nil) {
            self.nextToken = nextToken
            self.templates = templates
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case templates = "Templates"
        }
    }

    public struct PrivateKeyAttributesV2: AWSEncodableShape & AWSDecodableShape {
        /// Defines the cryptographic providers used to generate the private key.
        public let cryptoProviders: [String]?
        /// Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
        public let keySpec: KeySpec
        /// Set the minimum key length of the private key.
        public let minimalKeyLength: Int

        @inlinable
        public init(cryptoProviders: [String]? = nil, keySpec: KeySpec, minimalKeyLength: Int) {
            self.cryptoProviders = cryptoProviders
            self.keySpec = keySpec
            self.minimalKeyLength = minimalKeyLength
        }

        public func validate(name: String) throws {
            try self.validate(self.cryptoProviders, name: "cryptoProviders", parent: name, max: 100)
            try self.validate(self.cryptoProviders, name: "cryptoProviders", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case cryptoProviders = "CryptoProviders"
            case keySpec = "KeySpec"
            case minimalKeyLength = "MinimalKeyLength"
        }
    }

    public struct PrivateKeyAttributesV3: AWSEncodableShape & AWSDecodableShape {
        /// Defines the algorithm used to generate the private key.
        public let algorithm: PrivateKeyAlgorithm
        /// Defines the cryptographic providers used to generate the private key.
        public let cryptoProviders: [String]?
        /// Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
        public let keySpec: KeySpec
        /// The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
        public let keyUsageProperty: KeyUsageProperty
        /// Set the minimum key length of the private key.
        public let minimalKeyLength: Int

        @inlinable
        public init(algorithm: PrivateKeyAlgorithm, cryptoProviders: [String]? = nil, keySpec: KeySpec, keyUsageProperty: KeyUsageProperty, minimalKeyLength: Int) {
            self.algorithm = algorithm
            self.cryptoProviders = cryptoProviders
            self.keySpec = keySpec
            self.keyUsageProperty = keyUsageProperty
            self.minimalKeyLength = minimalKeyLength
        }

        public func validate(name: String) throws {
            try self.validate(self.cryptoProviders, name: "cryptoProviders", parent: name, max: 100)
            try self.validate(self.cryptoProviders, name: "cryptoProviders", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case algorithm = "Algorithm"
            case cryptoProviders = "CryptoProviders"
            case keySpec = "KeySpec"
            case keyUsageProperty = "KeyUsageProperty"
            case minimalKeyLength = "MinimalKeyLength"
        }
    }

    public struct PrivateKeyAttributesV4: AWSEncodableShape & AWSDecodableShape {
        /// Defines the algorithm used to generate the private key.
        public let algorithm: PrivateKeyAlgorithm?
        /// Defines the cryptographic providers used to generate the private key.
        public let cryptoProviders: [String]?
        /// Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
        public let keySpec: KeySpec
        /// The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
        public let keyUsageProperty: KeyUsageProperty?
        /// Set the minimum key length of the private key.
        public let minimalKeyLength: Int

        @inlinable
        public init(algorithm: PrivateKeyAlgorithm? = nil, cryptoProviders: [String]? = nil, keySpec: KeySpec, keyUsageProperty: KeyUsageProperty? = nil, minimalKeyLength: Int) {
            self.algorithm = algorithm
            self.cryptoProviders = cryptoProviders
            self.keySpec = keySpec
            self.keyUsageProperty = keyUsageProperty
            self.minimalKeyLength = minimalKeyLength
        }

        public func validate(name: String) throws {
            try self.validate(self.cryptoProviders, name: "cryptoProviders", parent: name, max: 100)
            try self.validate(self.cryptoProviders, name: "cryptoProviders", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case algorithm = "Algorithm"
            case cryptoProviders = "CryptoProviders"
            case keySpec = "KeySpec"
            case keyUsageProperty = "KeyUsageProperty"
            case minimalKeyLength = "MinimalKeyLength"
        }
    }

    public struct PrivateKeyFlagsV2: AWSEncodableShape & AWSDecodableShape {
        /// Defines the minimum client compatibility.
        public let clientVersion: ClientCompatibilityV2
        /// Allows the private key to be exported.
        public let exportableKey: Bool?
        /// Require user input when using the private key for enrollment.
        public let strongKeyProtectionRequired: Bool?

        @inlinable
        public init(clientVersion: ClientCompatibilityV2, exportableKey: Bool? = nil, strongKeyProtectionRequired: Bool? = nil) {
            self.clientVersion = clientVersion
            self.exportableKey = exportableKey
            self.strongKeyProtectionRequired = strongKeyProtectionRequired
        }

        private enum CodingKeys: String, CodingKey {
            case clientVersion = "ClientVersion"
            case exportableKey = "ExportableKey"
            case strongKeyProtectionRequired = "StrongKeyProtectionRequired"
        }
    }

    public struct PrivateKeyFlagsV3: AWSEncodableShape & AWSDecodableShape {
        /// Defines the minimum client compatibility.
        public let clientVersion: ClientCompatibilityV3
        /// Allows the private key to be exported.
        public let exportableKey: Bool?
        /// Reguires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
        public let requireAlternateSignatureAlgorithm: Bool?
        /// Requirer user input when using the private key for enrollment.
        public let strongKeyProtectionRequired: Bool?

        @inlinable
        public init(clientVersion: ClientCompatibilityV3, exportableKey: Bool? = nil, requireAlternateSignatureAlgorithm: Bool? = nil, strongKeyProtectionRequired: Bool? = nil) {
            self.clientVersion = clientVersion
            self.exportableKey = exportableKey
            self.requireAlternateSignatureAlgorithm = requireAlternateSignatureAlgorithm
            self.strongKeyProtectionRequired = strongKeyProtectionRequired
        }

        private enum CodingKeys: String, CodingKey {
            case clientVersion = "ClientVersion"
            case exportableKey = "ExportableKey"
            case requireAlternateSignatureAlgorithm = "RequireAlternateSignatureAlgorithm"
            case strongKeyProtectionRequired = "StrongKeyProtectionRequired"
        }
    }

    public struct PrivateKeyFlagsV4: AWSEncodableShape & AWSDecodableShape {
        /// Defines the minimum client compatibility.
        public let clientVersion: ClientCompatibilityV4
        /// Allows the private key to be exported.
        public let exportableKey: Bool?
        /// Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
        public let requireAlternateSignatureAlgorithm: Bool?
        /// Renew certificate using the same private key.
        public let requireSameKeyRenewal: Bool?
        /// Require user input when using the private key for enrollment.
        public let strongKeyProtectionRequired: Bool?
        /// Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
        public let useLegacyProvider: Bool?

        @inlinable
        public init(clientVersion: ClientCompatibilityV4, exportableKey: Bool? = nil, requireAlternateSignatureAlgorithm: Bool? = nil, requireSameKeyRenewal: Bool? = nil, strongKeyProtectionRequired: Bool? = nil, useLegacyProvider: Bool? = nil) {
            self.clientVersion = clientVersion
            self.exportableKey = exportableKey
            self.requireAlternateSignatureAlgorithm = requireAlternateSignatureAlgorithm
            self.requireSameKeyRenewal = requireSameKeyRenewal
            self.strongKeyProtectionRequired = strongKeyProtectionRequired
            self.useLegacyProvider = useLegacyProvider
        }

        private enum CodingKeys: String, CodingKey {
            case clientVersion = "ClientVersion"
            case exportableKey = "ExportableKey"
            case requireAlternateSignatureAlgorithm = "RequireAlternateSignatureAlgorithm"
            case requireSameKeyRenewal = "RequireSameKeyRenewal"
            case strongKeyProtectionRequired = "StrongKeyProtectionRequired"
            case useLegacyProvider = "UseLegacyProvider"
        }
    }

    public struct ResourceNotFoundException: AWSErrorShape {
        public let message: String
        /// The identifier of the Amazon Web Services resource.
        public let resourceId: String
        /// The resource type, which can be one of Connector, Template, TemplateGroupAccessControlEntry, ServicePrincipalName, or DirectoryRegistration.
        public let resourceType: String

        @inlinable
        public init(message: String, resourceId: String, resourceType: String) {
            self.message = message
            self.resourceId = resourceId
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case resourceId = "ResourceId"
            case resourceType = "ResourceType"
        }
    }

    public struct ServicePrincipalName: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateConnector.html.
        public let connectorArn: String?
        /// The date and time that the service principal name was created.
        public let createdAt: Date?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String?
        /// The status of a service principal name.
        public let status: ServicePrincipalNameStatus?
        /// Additional information for the status of a service principal name if the status is failed.
        public let statusReason: ServicePrincipalNameStatusReason?
        /// The date and time that the service principal name was updated.
        public let updatedAt: Date?

        @inlinable
        public init(connectorArn: String? = nil, createdAt: Date? = nil, directoryRegistrationArn: String? = nil, status: ServicePrincipalNameStatus? = nil, statusReason: ServicePrincipalNameStatusReason? = nil, updatedAt: Date? = nil) {
            self.connectorArn = connectorArn
            self.createdAt = createdAt
            self.directoryRegistrationArn = directoryRegistrationArn
            self.status = status
            self.statusReason = statusReason
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case connectorArn = "ConnectorArn"
            case createdAt = "CreatedAt"
            case directoryRegistrationArn = "DirectoryRegistrationArn"
            case status = "Status"
            case statusReason = "StatusReason"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct ServicePrincipalNameSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String?
        /// The date and time that the service principal name was created.
        public let createdAt: Date?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
        public let directoryRegistrationArn: String?
        /// The status of a service principal name.
        public let status: ServicePrincipalNameStatus?
        /// Additional information for the status of a service principal name if the status is failed.
        public let statusReason: ServicePrincipalNameStatusReason?
        /// Time when the service principal name was updated.
        public let updatedAt: Date?

        @inlinable
        public init(connectorArn: String? = nil, createdAt: Date? = nil, directoryRegistrationArn: String? = nil, status: ServicePrincipalNameStatus? = nil, statusReason: ServicePrincipalNameStatusReason? = nil, updatedAt: Date? = nil) {
            self.connectorArn = connectorArn
            self.createdAt = createdAt
            self.directoryRegistrationArn = directoryRegistrationArn
            self.status = status
            self.statusReason = statusReason
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case connectorArn = "ConnectorArn"
            case createdAt = "CreatedAt"
            case directoryRegistrationArn = "DirectoryRegistrationArn"
            case status = "Status"
            case statusReason = "StatusReason"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct ServiceQuotaExceededException: AWSErrorShape {
        public let message: String
        /// The code associated with the service quota.
        public let quotaCode: String
        /// The identifier of the Amazon Web Services resource.
        public let resourceId: String
        /// The resource type, which can be one of Connector, Template, TemplateGroupAccessControlEntry, ServicePrincipalName, or DirectoryRegistration.
        public let resourceType: String
        /// Identifies the originating service.
        public let serviceCode: String

        @inlinable
        public init(message: String, quotaCode: String, resourceId: String, resourceType: String, serviceCode: String) {
            self.message = message
            self.quotaCode = quotaCode
            self.resourceId = resourceId
            self.resourceType = resourceType
            self.serviceCode = serviceCode
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case quotaCode = "QuotaCode"
            case resourceId = "ResourceId"
            case resourceType = "ResourceType"
            case serviceCode = "ServiceCode"
        }
    }

    public struct SubjectNameFlagsV2: AWSEncodableShape & AWSDecodableShape {
        /// Include the common name in the subject name.
        public let requireCommonName: Bool?
        /// Include the directory path in the subject name.
        public let requireDirectoryPath: Bool?
        /// Include the DNS as common name in the subject name.
        public let requireDnsAsCn: Bool?
        /// Include the subject's email in the subject name.
        public let requireEmail: Bool?
        /// Include the globally unique identifier (GUID) in the subject alternate name.
        public let sanRequireDirectoryGuid: Bool?
        /// Include the DNS in the subject alternate name.
        public let sanRequireDns: Bool?
        /// Include the domain DNS in the subject alternate name.
        public let sanRequireDomainDns: Bool?
        /// Include the subject's email in the subject alternate name.
        public let sanRequireEmail: Bool?
        /// Include the service principal name (SPN) in the subject alternate name.
        public let sanRequireSpn: Bool?
        /// Include the user principal name (UPN) in the subject alternate name.
        public let sanRequireUpn: Bool?

        @inlinable
        public init(requireCommonName: Bool? = nil, requireDirectoryPath: Bool? = nil, requireDnsAsCn: Bool? = nil, requireEmail: Bool? = nil, sanRequireDirectoryGuid: Bool? = nil, sanRequireDns: Bool? = nil, sanRequireDomainDns: Bool? = nil, sanRequireEmail: Bool? = nil, sanRequireSpn: Bool? = nil, sanRequireUpn: Bool? = nil) {
            self.requireCommonName = requireCommonName
            self.requireDirectoryPath = requireDirectoryPath
            self.requireDnsAsCn = requireDnsAsCn
            self.requireEmail = requireEmail
            self.sanRequireDirectoryGuid = sanRequireDirectoryGuid
            self.sanRequireDns = sanRequireDns
            self.sanRequireDomainDns = sanRequireDomainDns
            self.sanRequireEmail = sanRequireEmail
            self.sanRequireSpn = sanRequireSpn
            self.sanRequireUpn = sanRequireUpn
        }

        private enum CodingKeys: String, CodingKey {
            case requireCommonName = "RequireCommonName"
            case requireDirectoryPath = "RequireDirectoryPath"
            case requireDnsAsCn = "RequireDnsAsCn"
            case requireEmail = "RequireEmail"
            case sanRequireDirectoryGuid = "SanRequireDirectoryGuid"
            case sanRequireDns = "SanRequireDns"
            case sanRequireDomainDns = "SanRequireDomainDns"
            case sanRequireEmail = "SanRequireEmail"
            case sanRequireSpn = "SanRequireSpn"
            case sanRequireUpn = "SanRequireUpn"
        }
    }

    public struct SubjectNameFlagsV3: AWSEncodableShape & AWSDecodableShape {
        /// Include the common name in the subject name.
        public let requireCommonName: Bool?
        /// Include the directory path in the subject name.
        public let requireDirectoryPath: Bool?
        /// Include the DNS as common name in the subject name.
        public let requireDnsAsCn: Bool?
        /// Include the subject's email in the subject name.
        public let requireEmail: Bool?
        /// Include the globally unique identifier (GUID) in the subject alternate name.
        public let sanRequireDirectoryGuid: Bool?
        /// Include the DNS in the subject alternate name.
        public let sanRequireDns: Bool?
        /// Include the domain DNS in the subject alternate name.
        public let sanRequireDomainDns: Bool?
        /// Include the subject's email in the subject alternate name.
        public let sanRequireEmail: Bool?
        /// Include the service principal name (SPN) in the subject alternate name.
        public let sanRequireSpn: Bool?
        /// Include the user principal name (UPN) in the subject alternate name.
        public let sanRequireUpn: Bool?

        @inlinable
        public init(requireCommonName: Bool? = nil, requireDirectoryPath: Bool? = nil, requireDnsAsCn: Bool? = nil, requireEmail: Bool? = nil, sanRequireDirectoryGuid: Bool? = nil, sanRequireDns: Bool? = nil, sanRequireDomainDns: Bool? = nil, sanRequireEmail: Bool? = nil, sanRequireSpn: Bool? = nil, sanRequireUpn: Bool? = nil) {
            self.requireCommonName = requireCommonName
            self.requireDirectoryPath = requireDirectoryPath
            self.requireDnsAsCn = requireDnsAsCn
            self.requireEmail = requireEmail
            self.sanRequireDirectoryGuid = sanRequireDirectoryGuid
            self.sanRequireDns = sanRequireDns
            self.sanRequireDomainDns = sanRequireDomainDns
            self.sanRequireEmail = sanRequireEmail
            self.sanRequireSpn = sanRequireSpn
            self.sanRequireUpn = sanRequireUpn
        }

        private enum CodingKeys: String, CodingKey {
            case requireCommonName = "RequireCommonName"
            case requireDirectoryPath = "RequireDirectoryPath"
            case requireDnsAsCn = "RequireDnsAsCn"
            case requireEmail = "RequireEmail"
            case sanRequireDirectoryGuid = "SanRequireDirectoryGuid"
            case sanRequireDns = "SanRequireDns"
            case sanRequireDomainDns = "SanRequireDomainDns"
            case sanRequireEmail = "SanRequireEmail"
            case sanRequireSpn = "SanRequireSpn"
            case sanRequireUpn = "SanRequireUpn"
        }
    }

    public struct SubjectNameFlagsV4: AWSEncodableShape & AWSDecodableShape {
        /// Include the common name in the subject name.
        public let requireCommonName: Bool?
        /// Include the directory path in the subject name.
        public let requireDirectoryPath: Bool?
        /// Include the DNS as common name in the subject name.
        public let requireDnsAsCn: Bool?
        /// Include the subject's email in the subject name.
        public let requireEmail: Bool?
        /// Include the globally unique identifier (GUID) in the subject alternate name.
        public let sanRequireDirectoryGuid: Bool?
        /// Include the DNS in the subject alternate name.
        public let sanRequireDns: Bool?
        /// Include the domain DNS in the subject alternate name.
        public let sanRequireDomainDns: Bool?
        /// Include the subject's email in the subject alternate name.
        public let sanRequireEmail: Bool?
        /// Include the service principal name (SPN) in the subject alternate name.
        public let sanRequireSpn: Bool?
        /// Include the user principal name (UPN) in the subject alternate name.
        public let sanRequireUpn: Bool?

        @inlinable
        public init(requireCommonName: Bool? = nil, requireDirectoryPath: Bool? = nil, requireDnsAsCn: Bool? = nil, requireEmail: Bool? = nil, sanRequireDirectoryGuid: Bool? = nil, sanRequireDns: Bool? = nil, sanRequireDomainDns: Bool? = nil, sanRequireEmail: Bool? = nil, sanRequireSpn: Bool? = nil, sanRequireUpn: Bool? = nil) {
            self.requireCommonName = requireCommonName
            self.requireDirectoryPath = requireDirectoryPath
            self.requireDnsAsCn = requireDnsAsCn
            self.requireEmail = requireEmail
            self.sanRequireDirectoryGuid = sanRequireDirectoryGuid
            self.sanRequireDns = sanRequireDns
            self.sanRequireDomainDns = sanRequireDomainDns
            self.sanRequireEmail = sanRequireEmail
            self.sanRequireSpn = sanRequireSpn
            self.sanRequireUpn = sanRequireUpn
        }

        private enum CodingKeys: String, CodingKey {
            case requireCommonName = "RequireCommonName"
            case requireDirectoryPath = "RequireDirectoryPath"
            case requireDnsAsCn = "RequireDnsAsCn"
            case requireEmail = "RequireEmail"
            case sanRequireDirectoryGuid = "SanRequireDirectoryGuid"
            case sanRequireDns = "SanRequireDns"
            case sanRequireDomainDns = "SanRequireDomainDns"
            case sanRequireEmail = "SanRequireEmail"
            case sanRequireSpn = "SanRequireSpn"
            case sanRequireUpn = "SanRequireUpn"
        }
    }

    public struct TagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you created the resource.
        public let resourceArn: String
        /// Metadata assigned to a directory registration consisting of a key-value pair.
        public let tags: [String: String]

        @inlinable
        public init(resourceArn: String, tags: [String: String]) {
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "ResourceArn")
            try container.encode(self.tags, forKey: .tags)
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "Tags"
        }
    }

    public struct Template: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let arn: String?
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String?
        /// The date and time that the template was created.
        public let createdAt: Date?
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        public let definition: TemplateDefinition?
        /// Name of the templates. Template names must be unique.
        public let name: String?
        /// Object identifier of a template.
        public let objectIdentifier: String?
        /// The template schema version. Template schema versions can be v2, v3, or v4. The template configuration options change based on the template schema version.
        public let policySchema: Int?
        /// The version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.
        public let revision: TemplateRevision?
        /// Status of the template. Status can be creating, active, deleting, or failed.
        public let status: TemplateStatus?
        /// The date and time that the template was updated.
        public let updatedAt: Date?

        @inlinable
        public init(arn: String? = nil, connectorArn: String? = nil, createdAt: Date? = nil, definition: TemplateDefinition? = nil, name: String? = nil, objectIdentifier: String? = nil, policySchema: Int? = nil, revision: TemplateRevision? = nil, status: TemplateStatus? = nil, updatedAt: Date? = nil) {
            self.arn = arn
            self.connectorArn = connectorArn
            self.createdAt = createdAt
            self.definition = definition
            self.name = name
            self.objectIdentifier = objectIdentifier
            self.policySchema = policySchema
            self.revision = revision
            self.status = status
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case connectorArn = "ConnectorArn"
            case createdAt = "CreatedAt"
            case definition = "Definition"
            case name = "Name"
            case objectIdentifier = "ObjectIdentifier"
            case policySchema = "PolicySchema"
            case revision = "Revision"
            case status = "Status"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct TemplateRevision: AWSDecodableShape {
        /// The revision version of the template. Re-enrolling all certificate holders will increment the major revision.
        public let majorRevision: Int
        /// The revision version of the template. Re-enrolling all certificate holders will increment the major revision.
        public let minorRevision: Int

        @inlinable
        public init(majorRevision: Int, minorRevision: Int) {
            self.majorRevision = majorRevision
            self.minorRevision = minorRevision
        }

        private enum CodingKeys: String, CodingKey {
            case majorRevision = "MajorRevision"
            case minorRevision = "MinorRevision"
        }
    }

    public struct TemplateSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let arn: String?
        ///  The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
        public let connectorArn: String?
        /// The date and time that the template was created.
        public let createdAt: Date?
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        public let definition: TemplateDefinition?
        /// Name of the template. The template name must be unique.
        public let name: String?
        /// Object identifier of a template.
        public let objectIdentifier: String?
        /// The template schema version. Template schema versions can be v2, v3, or v4. The template configuration options change based on the template schema version.
        public let policySchema: Int?
        /// The revision version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.
        public let revision: TemplateRevision?
        /// Status of the template. Status can be creating, active, deleting, or failed.
        public let status: TemplateStatus?
        /// The date and time that the template was updated.
        public let updatedAt: Date?

        @inlinable
        public init(arn: String? = nil, connectorArn: String? = nil, createdAt: Date? = nil, definition: TemplateDefinition? = nil, name: String? = nil, objectIdentifier: String? = nil, policySchema: Int? = nil, revision: TemplateRevision? = nil, status: TemplateStatus? = nil, updatedAt: Date? = nil) {
            self.arn = arn
            self.connectorArn = connectorArn
            self.createdAt = createdAt
            self.definition = definition
            self.name = name
            self.objectIdentifier = objectIdentifier
            self.policySchema = policySchema
            self.revision = revision
            self.status = status
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case connectorArn = "ConnectorArn"
            case createdAt = "CreatedAt"
            case definition = "Definition"
            case name = "Name"
            case objectIdentifier = "ObjectIdentifier"
            case policySchema = "PolicySchema"
            case revision = "Revision"
            case status = "Status"
            case updatedAt = "UpdatedAt"
        }
    }

    public struct TemplateV2: AWSEncodableShape & AWSDecodableShape {
        /// Certificate validity describes the validity and renewal periods of a certificate.
        public let certificateValidity: CertificateValidity
        /// Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
        public let enrollmentFlags: EnrollmentFlagsV2
        /// Extensions describe the key usage extensions and application policies for a template.
        public let extensions: ExtensionsV2
        /// General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
        public let generalFlags: GeneralFlagsV2
        /// Private key attributes allow you to specify the minimal key length, key spec, and cryptographic providers for the private key of a certificate for v2 templates. V2 templates allow you to use Legacy Cryptographic Service Providers.
        public let privateKeyAttributes: PrivateKeyAttributesV2
        /// Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
        public let privateKeyFlags: PrivateKeyFlagsV2
        /// Subject name flags describe the subject name and subject alternate name that is included in a certificate.
        public let subjectNameFlags: SubjectNameFlagsV2
        /// List of templates in Active Directory that are superseded by this template.
        public let supersededTemplates: [String]?

        @inlinable
        public init(certificateValidity: CertificateValidity, enrollmentFlags: EnrollmentFlagsV2, extensions: ExtensionsV2, generalFlags: GeneralFlagsV2, privateKeyAttributes: PrivateKeyAttributesV2, privateKeyFlags: PrivateKeyFlagsV2, subjectNameFlags: SubjectNameFlagsV2, supersededTemplates: [String]? = nil) {
            self.certificateValidity = certificateValidity
            self.enrollmentFlags = enrollmentFlags
            self.extensions = extensions
            self.generalFlags = generalFlags
            self.privateKeyAttributes = privateKeyAttributes
            self.privateKeyFlags = privateKeyFlags
            self.subjectNameFlags = subjectNameFlags
            self.supersededTemplates = supersededTemplates
        }

        public func validate(name: String) throws {
            try self.extensions.validate(name: "\(name).extensions")
            try self.privateKeyAttributes.validate(name: "\(name).privateKeyAttributes")
            try self.supersededTemplates?.forEach {
                try validate($0, name: "supersededTemplates[]", parent: name, max: 64)
                try validate($0, name: "supersededTemplates[]", parent: name, min: 1)
                try validate($0, name: "supersededTemplates[]", parent: name, pattern: "^(?!^\\s+$)((?![\\x5c'\\x2b,;<=>#\\x22])([\\x20-\\x7E]))+$")
            }
            try self.validate(self.supersededTemplates, name: "supersededTemplates", parent: name, max: 100)
            try self.validate(self.supersededTemplates, name: "supersededTemplates", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateValidity = "CertificateValidity"
            case enrollmentFlags = "EnrollmentFlags"
            case extensions = "Extensions"
            case generalFlags = "GeneralFlags"
            case privateKeyAttributes = "PrivateKeyAttributes"
            case privateKeyFlags = "PrivateKeyFlags"
            case subjectNameFlags = "SubjectNameFlags"
            case supersededTemplates = "SupersededTemplates"
        }
    }

    public struct TemplateV3: AWSEncodableShape & AWSDecodableShape {
        /// Certificate validity describes the validity and renewal periods of a certificate.
        public let certificateValidity: CertificateValidity
        /// Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
        public let enrollmentFlags: EnrollmentFlagsV3
        /// Extensions describe the key usage extensions and application policies for a template.
        public let extensions: ExtensionsV3
        /// General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
        public let generalFlags: GeneralFlagsV3
        /// Specifies the hash algorithm used to hash the private key.
        public let hashAlgorithm: HashAlgorithm
        /// Private key attributes allow you to specify the algorithm, minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v3 templates. V3 templates allow you to use Key Storage Providers.
        public let privateKeyAttributes: PrivateKeyAttributesV3
        /// Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
        public let privateKeyFlags: PrivateKeyFlagsV3
        /// Subject name flags describe the subject name and subject alternate name that is included in a certificate.
        public let subjectNameFlags: SubjectNameFlagsV3
        /// List of templates in Active Directory that are superseded by this template.
        public let supersededTemplates: [String]?

        @inlinable
        public init(certificateValidity: CertificateValidity, enrollmentFlags: EnrollmentFlagsV3, extensions: ExtensionsV3, generalFlags: GeneralFlagsV3, hashAlgorithm: HashAlgorithm, privateKeyAttributes: PrivateKeyAttributesV3, privateKeyFlags: PrivateKeyFlagsV3, subjectNameFlags: SubjectNameFlagsV3, supersededTemplates: [String]? = nil) {
            self.certificateValidity = certificateValidity
            self.enrollmentFlags = enrollmentFlags
            self.extensions = extensions
            self.generalFlags = generalFlags
            self.hashAlgorithm = hashAlgorithm
            self.privateKeyAttributes = privateKeyAttributes
            self.privateKeyFlags = privateKeyFlags
            self.subjectNameFlags = subjectNameFlags
            self.supersededTemplates = supersededTemplates
        }

        public func validate(name: String) throws {
            try self.extensions.validate(name: "\(name).extensions")
            try self.privateKeyAttributes.validate(name: "\(name).privateKeyAttributes")
            try self.supersededTemplates?.forEach {
                try validate($0, name: "supersededTemplates[]", parent: name, max: 64)
                try validate($0, name: "supersededTemplates[]", parent: name, min: 1)
                try validate($0, name: "supersededTemplates[]", parent: name, pattern: "^(?!^\\s+$)((?![\\x5c'\\x2b,;<=>#\\x22])([\\x20-\\x7E]))+$")
            }
            try self.validate(self.supersededTemplates, name: "supersededTemplates", parent: name, max: 100)
            try self.validate(self.supersededTemplates, name: "supersededTemplates", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateValidity = "CertificateValidity"
            case enrollmentFlags = "EnrollmentFlags"
            case extensions = "Extensions"
            case generalFlags = "GeneralFlags"
            case hashAlgorithm = "HashAlgorithm"
            case privateKeyAttributes = "PrivateKeyAttributes"
            case privateKeyFlags = "PrivateKeyFlags"
            case subjectNameFlags = "SubjectNameFlags"
            case supersededTemplates = "SupersededTemplates"
        }
    }

    public struct TemplateV4: AWSEncodableShape & AWSDecodableShape {
        /// Certificate validity describes the validity and renewal periods of a certificate.
        public let certificateValidity: CertificateValidity
        /// Enrollment flags describe the enrollment settings for certificates using the existing private key and deleting expired or revoked certificates.
        public let enrollmentFlags: EnrollmentFlagsV4
        /// Extensions describe the key usage extensions and application policies for a template.
        public let extensions: ExtensionsV4
        /// General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
        public let generalFlags: GeneralFlagsV4
        /// Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.
        public let hashAlgorithm: HashAlgorithm?
        /// Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
        public let privateKeyAttributes: PrivateKeyAttributesV4
        /// Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
        public let privateKeyFlags: PrivateKeyFlagsV4
        /// Subject name flags describe the subject name and subject alternate name that is included in a certificate.
        public let subjectNameFlags: SubjectNameFlagsV4
        /// List of templates in Active Directory that are superseded by this template.
        public let supersededTemplates: [String]?

        @inlinable
        public init(certificateValidity: CertificateValidity, enrollmentFlags: EnrollmentFlagsV4, extensions: ExtensionsV4, generalFlags: GeneralFlagsV4, hashAlgorithm: HashAlgorithm? = nil, privateKeyAttributes: PrivateKeyAttributesV4, privateKeyFlags: PrivateKeyFlagsV4, subjectNameFlags: SubjectNameFlagsV4, supersededTemplates: [String]? = nil) {
            self.certificateValidity = certificateValidity
            self.enrollmentFlags = enrollmentFlags
            self.extensions = extensions
            self.generalFlags = generalFlags
            self.hashAlgorithm = hashAlgorithm
            self.privateKeyAttributes = privateKeyAttributes
            self.privateKeyFlags = privateKeyFlags
            self.subjectNameFlags = subjectNameFlags
            self.supersededTemplates = supersededTemplates
        }

        public func validate(name: String) throws {
            try self.extensions.validate(name: "\(name).extensions")
            try self.privateKeyAttributes.validate(name: "\(name).privateKeyAttributes")
            try self.supersededTemplates?.forEach {
                try validate($0, name: "supersededTemplates[]", parent: name, max: 64)
                try validate($0, name: "supersededTemplates[]", parent: name, min: 1)
                try validate($0, name: "supersededTemplates[]", parent: name, pattern: "^(?!^\\s+$)((?![\\x5c'\\x2b,;<=>#\\x22])([\\x20-\\x7E]))+$")
            }
            try self.validate(self.supersededTemplates, name: "supersededTemplates", parent: name, max: 100)
            try self.validate(self.supersededTemplates, name: "supersededTemplates", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateValidity = "CertificateValidity"
            case enrollmentFlags = "EnrollmentFlags"
            case extensions = "Extensions"
            case generalFlags = "GeneralFlags"
            case hashAlgorithm = "HashAlgorithm"
            case privateKeyAttributes = "PrivateKeyAttributes"
            case privateKeyFlags = "PrivateKeyFlags"
            case subjectNameFlags = "SubjectNameFlags"
            case supersededTemplates = "SupersededTemplates"
        }
    }

    public struct ThrottlingException: AWSErrorShape {
        public let message: String
        /// The code associated with the quota.
        public let quotaCode: String?
        /// Identifies the originating service.
        public let serviceCode: String?

        @inlinable
        public init(message: String, quotaCode: String? = nil, serviceCode: String? = nil) {
            self.message = message
            self.quotaCode = quotaCode
            self.serviceCode = serviceCode
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case quotaCode = "QuotaCode"
            case serviceCode = "ServiceCode"
        }
    }

    public struct UntagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you created the resource.
        public let resourceArn: String
        /// Specifies a list of tag keys that you want to remove from the specified resources.
        public let tagKeys: [String]

        @inlinable
        public init(resourceArn: String, tagKeys: [String]) {
            self.resourceArn = resourceArn
            self.tagKeys = tagKeys
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "ResourceArn")
            request.encodeQuery(self.tagKeys, key: "tagKeys")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct UpdateTemplateGroupAccessControlEntryRequest: AWSEncodableShape {
        /// Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
        public let accessRights: AccessRights?
        /// Name of the Active Directory group. This name does not need to match the group name in Active Directory.
        public let groupDisplayName: String?
        /// Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
        public let groupSecurityIdentifier: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(accessRights: AccessRights? = nil, groupDisplayName: String? = nil, groupSecurityIdentifier: String, templateArn: String) {
            self.accessRights = accessRights
            self.groupDisplayName = groupDisplayName
            self.groupSecurityIdentifier = groupSecurityIdentifier
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.accessRights, forKey: .accessRights)
            try container.encodeIfPresent(self.groupDisplayName, forKey: .groupDisplayName)
            request.encodePath(self.groupSecurityIdentifier, key: "GroupSecurityIdentifier")
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.groupDisplayName, name: "groupDisplayName", parent: name, max: 256)
            try self.validate(self.groupDisplayName, name: "groupDisplayName", parent: name, pattern: "^[\\x20-\\x7E]+$")
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, max: 256)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, min: 7)
            try self.validate(self.groupSecurityIdentifier, name: "groupSecurityIdentifier", parent: name, pattern: "^S-[0-9]-([0-9]+-){1,14}[0-9]+$")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessRights = "AccessRights"
            case groupDisplayName = "GroupDisplayName"
        }
    }

    public struct UpdateTemplateRequest: AWSEncodableShape {
        /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
        public let definition: TemplateDefinition?
        /// This setting allows the major version of a template to be increased automatically. All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.
        public let reenrollAllCertificateHolders: Bool?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
        public let templateArn: String

        @inlinable
        public init(definition: TemplateDefinition? = nil, reenrollAllCertificateHolders: Bool? = nil, templateArn: String) {
            self.definition = definition
            self.reenrollAllCertificateHolders = reenrollAllCertificateHolders
            self.templateArn = templateArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.definition, forKey: .definition)
            try container.encodeIfPresent(self.reenrollAllCertificateHolders, forKey: .reenrollAllCertificateHolders)
            request.encodePath(self.templateArn, key: "TemplateArn")
        }

        public func validate(name: String) throws {
            try self.definition?.validate(name: "\(name).definition")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/template\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case definition = "Definition"
            case reenrollAllCertificateHolders = "ReenrollAllCertificateHolders"
        }
    }

    public struct ValidationException: AWSErrorShape {
        public let message: String
        /// The reason for the validation error. This won't be return for every validation exception.
        public let reason: ValidationExceptionReason?

        @inlinable
        public init(message: String, reason: ValidationExceptionReason? = nil) {
            self.message = message
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case reason = "Reason"
        }
    }

    public struct ValidityPeriod: AWSEncodableShape & AWSDecodableShape {
        /// The numeric value for the validity period.
        public let period: Int64
        /// The unit of time. You can select hours, days, weeks, months, and years.
        public let periodType: ValidityPeriodType

        @inlinable
        public init(period: Int64, periodType: ValidityPeriodType) {
            self.period = period
            self.periodType = periodType
        }

        private enum CodingKeys: String, CodingKey {
            case period = "Period"
            case periodType = "PeriodType"
        }
    }

    public struct VpcInformation: AWSEncodableShape & AWSDecodableShape {
        /// The VPC IP address type.
        public let ipAddressType: IpAddressType?
        /// The security groups used with the connector. You can use a maximum of 4 security groups with a connector.
        public let securityGroupIds: [String]

        @inlinable
        public init(ipAddressType: IpAddressType? = nil, securityGroupIds: [String]) {
            self.ipAddressType = ipAddressType
            self.securityGroupIds = securityGroupIds
        }

        public func validate(name: String) throws {
            try self.securityGroupIds.forEach {
                try validate($0, name: "securityGroupIds[]", parent: name, max: 20)
                try validate($0, name: "securityGroupIds[]", parent: name, min: 11)
                try validate($0, name: "securityGroupIds[]", parent: name, pattern: "^(?:sg-[0-9a-f]{8}|sg-[0-9a-f]{17})$")
            }
            try self.validate(self.securityGroupIds, name: "securityGroupIds", parent: name, max: 4)
            try self.validate(self.securityGroupIds, name: "securityGroupIds", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case ipAddressType = "IpAddressType"
            case securityGroupIds = "SecurityGroupIds"
        }
    }
}

// MARK: - Errors

/// Error enum for PcaConnectorAd
public struct PcaConnectorAdErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case conflictException = "ConflictException"
        case internalServerException = "InternalServerException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case serviceQuotaExceededException = "ServiceQuotaExceededException"
        case throttlingException = "ThrottlingException"
        case validationException = "ValidationException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize PcaConnectorAd
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You can receive this error if you attempt to create a resource share when you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// This request cannot be completed for one of the following reasons because the requested resource was being concurrently modified by another request.
    public static var conflictException: Self { .init(.conflictException) }
    /// The request processing has failed because of an unknown error, exception or failure with an internal server.
    public static var internalServerException: Self { .init(.internalServerException) }
    /// The operation tried to access a nonexistent resource. The resource might not be specified correctly, or its status might not be ACTIVE.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// Request would cause a service quota to be exceeded.
    public static var serviceQuotaExceededException: Self { .init(.serviceQuotaExceededException) }
    /// The limit on the number of requests per second was exceeded.
    public static var throttlingException: Self { .init(.throttlingException) }
    /// An input validation error occurred. For example, invalid characters in a template name, or if a pagination token is invalid.
    public static var validationException: Self { .init(.validationException) }
}

extension PcaConnectorAdErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "ConflictException": PcaConnectorAd.ConflictException.self,
        "ResourceNotFoundException": PcaConnectorAd.ResourceNotFoundException.self,
        "ServiceQuotaExceededException": PcaConnectorAd.ServiceQuotaExceededException.self,
        "ThrottlingException": PcaConnectorAd.ThrottlingException.self,
        "ValidationException": PcaConnectorAd.ValidationException.self
    ]
}

extension PcaConnectorAdErrorType: Equatable {
    public static func == (lhs: PcaConnectorAdErrorType, rhs: PcaConnectorAdErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension PcaConnectorAdErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
